遊客站內搜尋的錯誤 - 52AV手機A片王|52AV.ONE

private function _xss_check() {
5 @2 y" n6 x* N2 V8 A, X- }/ p, g
% e5 u; c* k1 Q! S! D
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
2 p5 |7 k- J* y# T1 y
) o0 g3 u4 b4 ^( Q
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
& c' R7 }9 X. h
system_error('request_tainting');
; W( |' j: q0 T( o+ t
}. o4 a5 C! I. |0 d/ ]
! \1 f$ w6 r- `* S
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
6 B4 l" b4 B' o1 Y# h: E1 Y
$temp = $_SERVER['REQUEST_URI'];: T* S3 E* i+ n( \
} elseif(empty ($_GET['formhash'])) {. N% s0 V0 s% J9 S1 l1 h( O% T9 Q6 L# H
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');4 c: H a- C4 n/ F# }
} else {' R6 m* a0 H6 X9 ?4 C
$temp = '';
+ J$ r% [* f/ _! P, x
}* c8 q7 Z5 k" M' T P x
( N5 q8 m6 U$ \
if(!empty($temp)) {" Z+ t9 y" W, g5 C8 I$ H. G
$temp = strtoupper(urldecode(urldecode($temp)));! x* J, `5 K+ d+ p! W4 x# c( m
foreach ($check as $str) {$ O3 Q1 c: P* ~8 ~/ y: R
if(strpos($temp, $str) !== false) {/ J# W2 M* q" s- d. s& k
system_error('request_tainting');
* j9 F$ \6 t2 O5 g, ?. b0 n
}& P' ~0 |; r- ^- @: `* d) o/ w( |3 b
}* c5 {% |& A5 l2 m5 O* c0 M: h
}$ ?# ]" y$ M& I) I `
* n+ M& c- G" n( N9 U
return true;9 s' m/ m* z0 N: O& n
}

複製代碼

private function _xss_check() {
4 r8 D8 n8 A( o
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));; M: C% S' B; E( C0 _3 [
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
( z$ a9 @# Z& x+ O/ T2 _5 K/ q
system_error('request_tainting');
( O. h+ z( p3 j; \* @ n* z3 K7 L
}" B; m8 b3 p# u4 @
return true;
, v/ @& D0 y! K2 s# N( H
}

複製代碼